Wednesday, February 01, 2017

InfoSec Start-up Advising and Product Recommendations

As a long-time InfoSec veteran and entrepreneur, I’m often asked by company founders to join their advisory board and lend a hand. Sometimes the founders need someone with experience they can trust to bounce ideas off of, provide guidance on how to scale their business, point out the many pitfalls to avoid, make key introductions, and so on. I’ve been in this advisor role for many years, and have also mentored more than fifty young businesses over the last five years alone through a startup incubator. Making this contribution has been highly rewarding, both personally and professionally. It leverages the many successes and mistakes I’ve made in my career to help others. Advising and mentoring is something I plan to continue doing for the foreseeable future. The only downside is that due to time constraints, I have to be extremely selective.

When I come across a hot new start-up, I fully research the company, try out the product, research their target market, meet the management team, speak with a handful of customers, and if I have something useful to offer, only then do I feel comfortable enough to get involved. Oh, another requirement is that none should be competitive with one another. Because I do my homework and have a deep understanding of the information security industry, I’m often asked by colleagues what companies I’d recommend in a particular space or a product to solve a particular enterprise problem. For those interested, below is where I’ve placed my bets and what I’m recommending.

Full Disclosure: I’ve a financial interest in most of these companies below, but not all of them. And if I don't have a stake, it doesn't mean I won't recommend them -- I can be just as impressed otherwise. I’ve also indicated where I serve in an official advisory capacity.

"The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of tens of thousands of security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity. Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements. Bugcrowd’s proprietary vulnerability disclosure platform is deployed by Tesla, Pinterest, Western Union, Fitbit and many others."

"WhiteHat Security is the leading provider of website risk management solutions. Sentinel, WhiteHat's flagship product, is the most accurate, complete and cost-effective website vulnerability management solution available. It delivers the flexibility, simplicity and manageability that organizations need to take control of website security and prevent Web attacks. WhiteHat Sentinel is built on a Software-as-a-Service (SaaS) platform designed from the ground up to scale massively, support the largest enterprises and offer the most compelling business efficiencies, lowering your overall cost of ownership."

"Kenna is a software-as-a-service Risk and Vulnerability Intelligence platform that accurately measures risk and prioritizes remediation efforts before an attacker can exploit an organization’s weaknesses. Kenna automates the correlation of vulnerability data, threat data, and 0-day data, analyzing security vulnerabilities against active Internet breaches so that InfoSec teams can prioritize remediations and report on their overall risk posture."

"AsTech Consulting is a security consulting company which helps clients understand their risks and what to do about them. As independent security specialists, we employ very experienced security professionals, more than half of whom have over 15 years of relevant experience."

About Me

Jeremiah Grossman's career spans nearly 20 years, and he has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards and been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!